07-04-2007 10:29 PM
Hi,
what is the significance of the following PI 7.0 roles?
sap_xi_administrator_j2ee
SAP_XI_CONFIGURATOR_J2EE
SAP_XI_CONTENT_ORGANIZER_J2EE
SAP_XI_DEVELOPER_J2EE
SAP_XI_MONITOR_J2EE
SAP_SLD_CONFIGURATOR
SAP_SLD_DEVELOPER
SAP_SLD_GUEST
SAP_XI_DEVELOPER_J2EE
Our UME data source is ABAP ..i.e when we assign these roles on the abap side they show up as groups assigned on Java. Most of the groups above do not have any roles or actions in them. i would like to know about their significance esp for the java roles.
I would also like to know what would be the approach for security on the UME.
Thanks,
Doug.
07-05-2007 7:46 AM
These roles are for Exhange Infrstructure (XI) related activities of monitoring/configuring SLD etc.
07-05-2007 7:46 AM
These roles are for Exhange Infrstructure (XI) related activities of monitoring/configuring SLD etc.
07-05-2007 1:48 PM
Thanks Murali. Can you tell me why most of these roles do not have actions in them.
07-05-2007 2:05 PM
Hi Doug,
The XI Java auths work by reading the role titles from the ABAP stack which correspond to groups in the Java stack. These groups are assigned privileges in the Java system.
This way, it is possible, via SU01 in the ABAP stack, to manage user access in both places. I can only imagine that SAP wanted the facility to segregate access in the different stacks, hence being able to give certain admin functions only in ABAP or Java. As there are things that you can only configure via the Java side, it makes sense to be able to provide a certain level of granularity in addition to whatever functions the user needs to perform in the ABAP stack
07-05-2007 3:00 PM
Thanks Alex. Can you give me an example where you can configure only on the Java side and not on the ABAP.
Also, some of the groups which i mentioned above do not have any roles or actions in the UME. Is it suuposed to be that way, if so can you explain me the reason why they're no actions in them.
Thanx.
07-05-2007 3:26 PM
At a previous client they insisted on having very limited access to maintain the SLD & as a result there were some users with only very basic auths on ABAP side & wider access to maint SLD on the Java side.
Not too sure about the missing stuff in the UME to be honest, I'm pretty sure all should have roles assigned, there is some info here on the roles they are supposed to have
http://help.sap.com/saphelp_nw04/helpdata/en/22/2ca0856c9d0c41beae4dcbeba6f0dc/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/4e/90a43f4aa1330ee10000000a114084/content.htm
07-05-2007 8:23 PM
Thanks again Alex. I'm trying to look for the same info for NW04s as PI is NW04s
Let me know if you are able to find one.
Thanks.
07-05-2007 8:32 AM
Hi,
Refer the link below for UME security policy.
http://help.sap.com/saphelp_nw70/helpdata/en/b5/16c43bdd3da244a1d3372a77b5f83f/frameset.htm
Thanks
R.Murali